ADef: an Iterative Algorithm to Construct Adversarial Deformations
This addresses the problem of adversarial robustness for image classifiers, but it is incremental as it introduces a new type of attack rather than a defense.
The paper tackles the vulnerability of deep neural networks to adversarial attacks by proposing ADef, an iterative algorithm that constructs adversarial examples through small deformations, demonstrating results on MNIST with convolutional networks and on ImageNet with Inception-v3 and ResNet-101.
While deep neural networks have proven to be a powerful tool for many recognition and classification tasks, their stability properties are still not well understood. In the past, image classifiers have been shown to be vulnerable to so-called adversarial attacks, which are created by additively perturbing the correctly classified image. In this paper, we propose the ADef algorithm to construct a different kind of adversarial attack created by iteratively applying small deformations to the image, found through a gradient descent step. We demonstrate our results on MNIST with convolutional neural networks and on ImageNet with Inception-v3 and ResNet-101.